GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays
A newly discovered npm and PyPI malware campaign installs hidden LLM proxies on compromised servers, turning them into relay nodes for LLM traffic. Category: Vulnerabilities & Threats
Read the full articleYou might also wanna read

How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
On March 24, 2026, threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials
Backdoored node-ipc npm releases steal developer credentials through DNS queries
An analysis of backdoored node-ipc npm releases that add an obfuscated credential collection and DNS exfiltration payload to the CommonJS en
Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor
Analysis of compromised litellm 1.82.8 on PyPI: a .pth file triggers credential theft, AWS/K8s secret exfiltration, and persistent C2 backdo
Local LLMs Show 95% Vulnerability to Backdoor Injection Attacks in Security Research
Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.

Security Risks of Malicious Backdoors in Large Language Models
LLM security is a critical risk for open-weight models. Learn how malicious backdoors are easily fine-tuned into AI agents to execute harmfu
pub.aimind.so·11mo agoCritical Security Alert: Malicious Credential-Stealing File Found in litellm 1.82.8 PyPI Package
[LITELLM TEAM] - For updates from the team, please see: #24518 [Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI packa

Comments
Sign in to join the conversation.
No comments yet. Be the first.